
Need suggestion for preventing website from security breaches

 
Ranch Hand
Posts: 63
Eclipse IDE Spring Java
Hi All,

I want to know about the CSRF (Cross Site Request Forgery) attack and what the various solutions are with which I can prevent this attack.
Also, please provide views on which is the best solution that I can implement, and how I should test my site for this attack and other breaches.

Thanks in advance for providing suggestions.
 
Ranch Hand
Posts: 42
Java
Hi,
Higher Tomcat versions (I guess 7.x) have got built-in support for a CSRF module; you can download the source code and have a look at that. There are some open-source libraries available; one such exists from the OWASP org, known as OWASP CSRFGuard (I am not sure about its current limitations). A CSRF framework which works on Session/Request Token Synchronization Patterns would be an optimal solution.

As a security standard, your application must be secured enough at least from the following types of vulnerabilities:

XSS (Cross Site Scripting) / Injection attacks
CSRF (Cross-Site Request Forgery)
Session Fixation
SQL Injections
Cache Poisoning
HTTP Response Splitting
Buffer Overflow
Failure to Restrict URL Access
Unvalidated Redirects and Forwards

Apart from manual testing you should use some tools for testing, for example WebInspect from HP or Rational AppScan from IBM. I have not yet used any open-source validation tools.
Spend some time on https://www.owasp.org and on education videos on web security on YouTube.

Good Luck
Manjesh

 
Abhishek Purwar
Ranch Hand
Posts: 63
Eclipse IDE Spring Java
Thanks Manjesh for the information.
Can you provide some code example?